CN104766011A - Sandbox detection alarm method and system based on host characteristics - Google Patents
- Publication number: CN104766011A (application number CN201510134971.XA)
- Authority: CN (China)
- Prior art keywords: detected, unknown program, alarm, program, host
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510134971.XA CN104766011B (en) | 2015-03-26 | 2015-03-26 | Sandbox detection alarm method and system based on host characteristics |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104766011A true CN104766011A (en) | 2015-07-08 |
CN104766011B CN104766011B (en) | 2017-09-12 |
Family
ID=53647833
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510134971.XA Expired - Fee Related CN104766011B (en) | 2015-03-26 | 2015-03-26 | Sandbox detection alarm method and system based on host characteristics |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104766011B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10943007B2 (en) * | 2017-09-20 | 2021-03-09 | Twistlock, Ltd | System and method for defending applications invoking anonymous functions |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1737722A (en) * | 2005-08-03 | 2006-02-22 | 珠海金山软件股份有限公司 | System and method for detecting and defending against computer worms |
CN1801031A (en) * | 2004-12-31 | 2006-07-12 | 福建东方微点信息安全有限责任公司 | Method for judging whether a known program has been attacked by employing a program behavior knowledge base |
CN1845120A (en) * | 2006-05-16 | 2006-10-11 | 北京启明星辰信息技术有限公司 | Automatic analysis system and method for malicious code |
CN102034050A (en) * | 2011-01-25 | 2011-04-27 | 四川大学 | Dynamic malicious software detection method based on virtual machine and sensitive native application programming interface (API) call perception |
CN102682229A (en) * | 2011-03-11 | 2012-09-19 | 北京市国路安信息技术有限公司 | Malicious code behavior detection method based on virtualization technology |
Priority and filing timeline
- 2015-03-26: CN application CN201510134971.XA, granted as CN104766011B; status: not active (Expired - Fee Related)
Non-Patent Citations (1)
Title |
---|
Han Yi: "Research on Behavior-Analysis-Based Malicious Code Detection and Evaluation", China Master's Theses Full-text Database, Information Science and Technology Series * |
Cited By (34)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105656872A (en) * | 2015-07-17 | 2016-06-08 | 哈尔滨安天科技股份有限公司 | Attacker tracking method and system based on backbone network |
CN105718792A (en) * | 2015-08-13 | 2016-06-29 | 哈尔滨安天科技股份有限公司 | Sandbox-based two-dimensional code detection method and system |
CN106611122A (en) * | 2015-10-27 | 2017-05-03 | 国家电网公司 | Virtual execution-based unknown malicious program offline detection system |
CN105320884A (en) * | 2015-11-02 | 2016-02-10 | 南京安贤信息科技有限公司 | Security protection method and system for virtual machine |
CN105740705A (en) * | 2015-12-28 | 2016-07-06 | 哈尔滨安天科技股份有限公司 | LXC container-based host defense method and system |
CN105978911A (en) * | 2016-07-15 | 2016-09-28 | 江苏博智软件科技有限公司 | Malicious code detection method and device based on virtual execution technology |
CN105978911B (en) * | 2016-07-15 | 2019-05-21 | 江苏博智软件科技有限公司 | Malicious code detection method and device based on virtual execution technology |
CN107729751A (en) * | 2016-08-12 | 2018-02-23 | 阿里巴巴集团控股有限公司 | Data detection method and device |
CN106919837A (en) * | 2016-10-20 | 2017-07-04 | 深圳市安之天信息技术有限公司 | Unknown self-starting identification method and system for malicious code |
CN106919837B (en) * | 2016-10-20 | 2020-02-07 | 深圳市安之天信息技术有限公司 | Unknown self-starting identification method and system for malicious code |
CN106778273A (en) * | 2016-12-28 | 2017-05-31 | 北京安天网络安全技术有限公司 | Method and system for verifying malicious code liveness on a victim host |
CN106549980A (en) * | 2016-12-30 | 2017-03-29 | 北京神州绿盟信息安全科技股份有限公司 | Malicious C&C server determination method and device |
CN106549980B (en) * | 2016-12-30 | 2020-04-07 | 北京神州绿盟信息安全科技股份有限公司 | Malicious C&C server determination method and device |
CN106878301A (en) * | 2017-02-13 | 2017-06-20 | 国网江西省电力公司信息通信分公司 | Detection method and system for advanced persistent threats |
CN108804914A (en) * | 2017-05-03 | 2018-11-13 | 腾讯科技(深圳)有限公司 | Method and device for anomalous data detection |
CN107392026A (en) * | 2017-06-23 | 2017-11-24 | 北京小度信息科技有限公司 | Vulnerability detection method and device |
CN107403096A (en) * | 2017-08-04 | 2017-11-28 | 郑州云海信息技术有限公司 | Ransomware detection method based on file status analysis |
CN107491691A (en) * | 2017-08-08 | 2017-12-19 | 东北大学 | Remote forensic tool security analysis system based on machine learning |
CN107657176A (en) * | 2017-09-26 | 2018-02-02 | 四川长虹电器股份有限公司 | Unknown malicious code identification and analysis method based on behavior analysis |
CN107566401A (en) * | 2017-09-30 | 2018-01-09 | 北京奇虎科技有限公司 | Protection method and device for virtualized environment |
CN107566401B (en) * | 2017-09-30 | 2021-01-08 | 北京奇虎科技有限公司 | Protection method and device for virtualized environment |
CN107733927A (en) * | 2017-11-28 | 2018-02-23 | 深信服科技股份有限公司 | Botnet file detection method, cloud server, device and system |
CN107733927B (en) * | 2017-11-28 | 2021-10-19 | 深信服科技股份有限公司 | Botnet file detection method, cloud server, device and system |
CN110489970A (en) * | 2018-05-14 | 2019-11-22 | 阿里巴巴集团控股有限公司 | Vulnerability detection method, apparatus and system |
CN109274676B (en) * | 2018-10-07 | 2020-12-11 | 杭州安恒信息技术股份有限公司 | Method, system and storage device for acquiring IP address of Trojan control terminal based on self-learning mode |
CN109274676A (en) * | 2018-10-07 | 2019-01-25 | 杭州安恒信息技术股份有限公司 | Method and system for acquiring IP address of Trojan control terminal based on self-learning mode |
CN109327451A (en) * | 2018-10-30 | 2019-02-12 | 深信服科技股份有限公司 | Method, system, device and medium for defending against file upload verification bypass |
WO2020134311A1 (en) * | 2018-12-26 | 2020-07-02 | 中兴通讯股份有限公司 | Method and device for detecting malware |
CN111444510A (en) * | 2018-12-27 | 2020-07-24 | 北京奇虎科技有限公司 | CPU vulnerability detection method and system based on virtual machine |
CN109948336A (en) * | 2019-01-29 | 2019-06-28 | 北京中安兴坤科技有限公司 | Malicious code detection method and device |
CN110417768A (en) * | 2019-07-24 | 2019-11-05 | 北京神州绿盟信息安全科技股份有限公司 | Botnet tracking method and device |
CN110417768B (en) * | 2019-07-24 | 2021-10-08 | 绿盟科技集团股份有限公司 | Botnet tracking method and device |
CN111680296A (en) * | 2020-06-15 | 2020-09-18 | 杭州安恒信息技术股份有限公司 | Method, device and equipment for identifying malicious programs in industrial control systems |
CN113672918A (en) * | 2021-08-04 | 2021-11-19 | 安天科技集团股份有限公司 | Malicious code detection method and device, storage medium and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN104766011B (en) | 2017-09-12 |
Similar Documents
Publication | Title |
---|---|
CN104766011A (en) | Sandbox detection alarm method and system based on host characteristics |
Milajerdi et al. | Holmes: real-time APT detection through correlation of suspicious information flows |
Hossain et al. | Combating dependence explosion in forensic analysis using alternative tag propagation semantics |
Hou et al. | Deep4MalDroid: A deep learning framework for Android malware detection based on Linux kernel system call graphs |
CN104598824B (en) | Malware detection method and device |
Xiong et al. | CONAN: A practical real-time APT detection system with high accuracy and efficiency |
CN104283889B (en) | APT attack detection and early warning system inside electric power systems based on the network architecture |
CN102647421B (en) | Web backdoor detection method and device based on behavioral features |
US20220371621A1 (en) | Stateful rule generation for behavior based threat detection |
CN106611122A (en) | Virtual execution-based unknown malicious program offline detection system |
Stolfo et al. | Anomaly detection in computer security and an application to file system accesses |
WO2017071148A1 (en) | Cloud computing platform-based intelligent defense system |
CN103218561B (en) | Tamper-proof method and device for protecting browser |
CN111859394A (en) | TEE-based software behavior active measurement method and system |
Lee et al. | Securing KVM-based cloud systems via virtualization introspection |
Mishra et al. | PSI-NetVisor: Program semantic aware intrusion detection at network and hypervisor layer in cloud |
Rajput et al. | Remote non-intrusive malware detection for PLCs based on chain of trust rooted in hardware |
Yang et al. | RATScope: Recording and reconstructing missing RAT semantic behaviors for forensic analysis on Windows |
Chandrasekaran et al. | SpyCon: Emulating user activities to detect evasive spyware |
Papazis et al. | Detecting indicators of deception in emulated monitoring systems |
Yuan et al. | Research of intrusion detection system on Android |
Iffländer et al. | Hands off my database: Ransomware detection in databases through dynamic analysis of query sequences |
Cavallaro et al. | Taint-enhanced anomaly detection |
Mei et al. | CTScopy: hunting cyber threats within enterprise via provenance graph-based analysis |
Tan et al. | Attack provenance tracing in cyberspace: solutions, challenges and future directions |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
EXSB | Decision made by SIPO to initiate substantive examination | |
SE01 | Entry into force of request for substantive examination | |
C41 | Transfer of patent application or patent right or utility model | |
CB03 | Change of inventor or designer information | Inventors after: Liu Zhiyong, Wang Hongkai, Zhang Xudong, Xia Zhengmin, Wu Jun, Dai Bo, Gong Xiaogang, Li Jianhua. Inventors before: Liu Zhiyong, Wang Hongkai, Xia Zhengmin, Wu Jun, Su Yating, Li Jianhua. |
COR | Change of bibliographic data | |
TA01 | Transfer of patent application right | Effective date of registration: 20160302. Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing. Applicants after: State Grid Corporation of China; Information communication branch office of Guo Wang Zhejiang Electric Power Company; Beijing Guodiantong Network Technology Co., Ltd.; Shanghai Jiao Tong University. Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing. Applicants before: State Grid Corporation of China; Beijing Guodiantong Network Technology Co., Ltd. |
GR01 | Patent grant | |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20170912. Termination date: 20180326. |